Description
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
Published: 2025-10-22
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PressTigers Simple Job Board plugin versions up to 2.13.7 suffer from an insertion of sensitive information into sent data, which allows an attacker to retrieve embedded sensitive data. This results in the exposure of confidential information and is classified as CWE‑201.

Affected Systems

The affected product is the PressTigers Simple Job Board WordPress plugin; all releases through version 2.13.7 are vulnerable, so any site running that plugin or an earlier version is at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium‑to‑high impact, while the EPSS score of less than 1 % suggests that exploitation is unlikely at present. The vulnerability is not listed in CISA's KEV catalog. Likely attack vectors involve sending requests to the plugin’s endpoints that include sensitive parameters, allowing the attacker to retrieve the embedded data; the description does not indicate any other prerequisite conditions.

Generated by OpenCVE AI on April 30, 2026 at 05:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Simple Job Board plugin to the most recent release (≥ 2.13.8) to eliminate the vulnerability.
  • If an upgrade is not immediately possible, block or rate‑limit requests that include sensitive parameters to the plugin’s endpoints, or implement a web‑application firewall rule to filter out exposed data.
  • Audit the plugin’s settings to disable any features that log or expose private data, and remove or neutralize any legacy code paths that may inadvertently reveal credentials.

Generated by OpenCVE AI on April 30, 2026 at 05:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Oct 2025 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Presstigers
Presstigers simple Job Board
Wordpress
Wordpress wordpress
Vendors & Products Presstigers
Presstigers simple Job Board
Wordpress
Wordpress wordpress

Wed, 22 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
Title WordPress Simple Job Board plugin <= 2.13.7 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Presstigers Simple Job Board
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:51:56.610Z

Reserved: 2025-09-17T18:01:11.731Z

Link: CVE-2025-59579

cve-icon Vulnrichment

Updated: 2025-10-23T15:03:28.079Z

cve-icon NVD

Status : Deferred

Published: 2025-10-22T15:15:56.167

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-59579

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T05:45:16Z

Weaknesses